Warning: this is a bit of a long one. Skip to the end if you just want to see what I think I will do.
I use Free / open source software a lot. Directly, it powers pretty much every system we use for our business, and a lot of the systems we use at home (although there is some, mainly thanks to Apple, some non-FOSS code there too).
I'm writing this in
apostrophe (which probably relies on someone else's spell check library etc), showing via GNOME desktop manager, on Debian. With a non-standard kernel thanks to the wonderful people behind the
linux-surface project. I'll post it on my blog, which runs HTMLy, on top of apache2 with php, secured by Let's Encrypt, all running atop Ubuntu. I'll tweet about using cawbird, and post it on mastodon via, well, mastodon, which runs on Debian plus all manner of other bits, with nginx in front of it.
And, while I do try to contribute back, it's meagre and, if I'm honest, it's rather half-hearted. I could - and should - do more.
The log4j security issue, and the discussions around sustainability of what are, in effect, critical software components, is making me think about this. And, in thinking, and writing it down, I'm hoping this will give me a nudge towards doing something.
This is about me, not about fixing systemic issues
Lots of people have lots of takes on what could be done.
I'm looking at this from the perspective of what I can do, rather than what others could do, or what systemic issues there are.
So this is from the perspective of me as a user, and me as the person who runs a small business willing to contribute towards the FOSS tools it uses.
So that means making better use of existing approaches
Since this is about me, I'm not really thinking about what could be done differently. It's about how I can use the tools currently available.
Paying when payment is an option
When there is an option to pay for FOSS at point of installation, I use it.
This was more common in Apple's ecosystem (which I am now using far less) simply because the Apple App Store has an integrated, and very convenient, payments mechanism. The SIP client Blink is a good example of this.
Outside the App Store, I was perfectly content to pay for the updates to
gpgtools. In fact, I was pleased when they moved to that model, as I was worried about the sustainability of a tool I relied on.
However, on Linux, I rely on
apt or, if that's not an option,
flatpak. And those don't have payment mechanisms built in. In essence, they are just too convenient.
I have no problem at all with developers who make make source available freely, and also make binaries available via an app store on a "for charge" basis.
Perhaps I should be a little uncomfortable for that, because:
- it perhaps penalises those who don't have the knowledge / time / equipment / (for some platforms, developer credentials, which may mean money) to compile from source.
- what is a reasonable / affordable price to me was going to be far more challenging for others, especially in countries where salaries are much lower. I remember seeing conversations of this nature about gpgtools' pricing.
But, overall, I see that charging for binaries is a sensible way for a developer to operate sustainably, while remaining consistent with Free / open source licensing requirements.
I'm not a fan of subscriptions, and Liberapay is subscription-focussed, but perhaps I should use it?
Quite a few projects rely on Liberapay.
And, as the tagline says:
Liberapay is a recurrent donations platform.
I'm not a huge fan of subscription-based software, yet I - personally - value a reasonably steady income, so I can see why a subscription model would be attractive to developers.
I think I could use Liberapay for one-off donations, by just not setting a date for the next recurrence of the payment, but it feels like a kludge.
Perhaps I need to get over myself, and my dislike of subscription models. Perhaps I'm just being selfish in not liking subscriptions, and I should make more use of Liberapay.
(Perhaps I should also give Liberapay a hand with its privacy notice, which doesn't include most of the information required by the GDPR, despite requiring an email address for sign-up.)
Paying for "premium" features
I guess this is a form of "open core".
Bitwarden was an interesting one for me, given the premium features require a subscription.
But I did want Bitwarden's support for TOTP ("Bitwarden Authenticator"), so I "had" to pick the premium, paid-for, option.
And that's fine: it's a low price (for me), and I want to support ongoing development / sustainability.
I could make a point of paying for premium features whether I need them or not, since the developer has obviously set up a process for taking payments via this channel.
Sending "tips" more often
Some FOSS projects have developer-based support, such as a forum, with a link in the dev's signature block for tips. I don't find myself asking for help that often, so this is an occasional one for me, but I do leave a tip when it comes up - usually about the price of a coffee or two.
I could make a point of hunting out developer's tip jars, and contributing to them, whether I use their forum assistance or not. But time is usually not on my side, and going hunting for something which I do not know is even there to be found would be frustrating.
In a similar vein, I know some developers have Amazon wishlists and the like. That's the way I've contributed to Jules' wonderful zend.to FOSS file transfer system project (although he also has a PayPal link).
Donating more regularly
I make the occasional donation, and I could be better here, as I don't have a systemic approach to donating.
In other words, I tend to donate if there has been some particular trigger tempting/persuading/reminding me to do so, and there is a readily available donation link.
It still doesn't solve the issue of who gets my donations (below), but I could be better at making a point of going through the tools I use the most, and looking for ways to pay.
Actually, scratch that. I'm using the markdown editor
apostrophe to write this, so I've donated to the person listed as the maintainer. But is donating to the maintainer the right (and only) thing to do, or should I be trying to find other developers? Tricky, and I must admit I went for the easy option...
Non-financial contributions are fine - perhaps even essential - but they don't feed a developer
Most of my (meagre) contributions are non-financial.
I like to help out on forums from time to time, helping people with issues which I've faced and solved. In the early stages of the pandemic, I spent quite a lot of time on the jitsi forum, for example, trying to help people get a jitsi instance set up (or persuading them just to use the demo instance).
I'm also happy to fix documentation, make tweaks to a wiki, and raise issues, and report problems, and write about FOSS / encourage uptake / raise awareness.
I can also, from time to time, give free English law legal advice, but I limit this because selling legal advice is how I make money!
And all these are well and good, and serve a purpose.
But what they don't do is put food on a developer's table, which is the purpose of this.
Who do I pay, and how much do I pay?
Who do I pay?
Although I said that this blogpost is not about systemic issues, this bit kind of is, in the sense of how do I, as a user / small business owner, recognise the sheer volume of tools on which I rely.
For example, I favour Debian over other distros. But Debian is made up of many thousands of tools, each of which could, I suspect, do with support. Do I support Debian? Or try to work out how to contribute more widely?
I suspect that I'm more likely to contribute to things with which I interact directly. User applications are the most obvious example, but also server components where I am going through the process of setting them up.
Core components - the unseen pillars on which my use of FOSS is grounded - are trickier.
I know that organisations like Tidelift are looking at this, and I think that is great. But Tidelift is not - yet, at least - a solution for individuals, or smaller businesses, even if only because its starter tier is $1,500 per month.
I don't have an answer to this, and I'm reasonably content that paying some developers - or, indeed, paying more developers - is better than paying no developers or no more developers. But I wish there was a better answer.
How much do I pay?
Where a developer sets an expectation of price, and where that's within my budget and expectations, that's easy.
But many are just donations, or tips, at the giver's choice. I am sure there are good reasons for that, if only that everyone has different financial means, and different people place different value on different tools. But it does make it harder for me to work out what to contribute:
Is a small script which scratched a significant itch for me deserving of a bigger contribution than a massive, hugely complex, project which helped me in a much less significant way?
What about someone's very helpful installer program, when the heavy lifting underneath is done by other FOSS projects. The installer made my life so much easier, but it would be nothing without the programs on which it builds.
Do I benchmark against a piece of software's non-FOSS alternatives?
Is there a risk that a developer will think my donation is too small and is offensive or belittling? Or too large, and that they are somehow beholden to me?
Is giving lots of project a little better than giving one or two projects more?
Again, I'm tempted to go with "any donation is better than no donation", and to attempt to worry less about what the developer might think. Perhaps they were hoping for the price of a new laptop rather than the price of a meal but, hey, they still got that meal.
So what am I going to do?
I'm going to think some more, but I think my plan is:
I will keep notes, to make paying easier. If a developer has included a link / asks for donations, I'm going to make a note of it, whether I donate there and then or not.
I will look to pay for premium features where they are offered, even if I don't need them but I make good use of the core software.
I will aim to pay out a sum of money each month for donations, probably for software I rely on for our business. Perhaps £100 a month. Whether that's donations or tips or a premium feature or a support plan or whatever.
- I've updated the decoded.legal website with a page about our FOSS usage and contributions.
I will probably try to spread it a little, rather than one just project, but I expect I get way more value from something like nextcloud or Debian than £100. Aaargh.
I'm going to prioritise projects which don't have a clear source of other, especially corporate, funding. That's not to say that I don't value them, but I expect that the other projects are where my small donations can make the most difference.
I'm going to see what others suggest.
- This piece, from the developer of PuTTY is worth reading.